CN109598145A - Leak-proof data transmission and cloud storage method and system - Google Patents
- Publication number
- CN109598145A (application CN201811494188.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- client
- key
- encryption
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a leak-proof data transmission and cloud storage method in the field of information security, mainly addressing the problem that traditional data transmission methods easily lead to leakage of user data. The method comprises: obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name; generating, at the client, a key corresponding to the user name; obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server; and obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data back into source data using the key. Because the client converts the source data into encrypted data with the key and transmits only the encrypted data to the server, encrypted data stolen at the server cannot be decrypted without the key, which ensures the security of the source data.
Description
Technical field
The present invention relates to the field of information security, and specifically to a leak-proof data transmission and cloud storage method and system.
Background
With the continued spread of the Internet, computer networks have reached almost every area of our life and work. Computer networks have evolved from the initial centralized computing, through the Client/Server stage (two-tier C/S and three-tier C/S), to the Browser/Server computing model that is most popular today. Whatever the model, the user connects to the service provider through a client and exchanges data with the server in order to use the services the server provides.
With the continued development of cloud computing, more and more users choose to put their own data (files, videos, credit card information, even other sensitive information involving user names and passwords) into the data storage services offered by cloud computing service providers. While this brings great convenience to users, data security poses a great challenge to them. Storing unencrypted private sensitive data in storage provided by a third-party service provider is equivalent to sharing that data with the whole world. The greater risk is that these third-party service providers can not only read the user data easily, but also know the full account information (login name, telephone number, e-mail address, etc.) of the data's owner.
Some service providers may resell this data for profit, or place the data into common search engines for refined searching. Another potential problem is that once a hacker breaches the service provider's storage system, the sensitive data falls into criminal hands, posing an extremely serious potential threat to users. Whichever of these happens, user data is constantly exposed to attack, and leakage of sensitive data can bring users serious economic loss and security threats.
Summary of the invention
The purpose of the present invention is to provide a leak-proof data transmission and cloud storage method and system, to solve the problems raised in the background section above.
To achieve this purpose, the invention provides the following technical solution:
A leak-proof data transmission and cloud storage method, comprising the following steps:
Obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name;
Generating, at the client, a key corresponding to the user name;
Obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
Obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data into source data using the key.
As a further solution of the invention, the method further includes:
Generating, at the client, a unique hash value corresponding to the user name.
As a still further solution of the invention: the encrypted data is stored in a database indexed by the client's unique hash value.
A leak-proof data transmission and cloud storage device, comprising:
An obtaining module, for obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name;
A first generation module, for generating, at the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
As a still further solution of the invention, the device further includes a second generation module, for generating, at the client, a unique hash value corresponding to the user name.
A leak-proof data transmission and cloud storage system, including a processor and a memory, the memory storing at least one instruction, the at least one instruction being loaded and executed by the processor to perform the data transmission method of claims 1-3.
Compared with the prior art, the beneficial effects of the invention are:
The client converts source data into encrypted data using the key and transmits the encrypted data to the server, so that even if the encrypted data is stolen at the server it cannot be decrypted without the key, which ensures the security of the source data. In addition, because a unique hash value is used, the server cannot derive the user's key, user name or password backwards from the unique hash value; that is, the server has no knowledge of any key information about the users it serves, which further ensures the security of the source data.
Brief description of the drawings
Fig. 1 is the schematic diagram of step S1 in embodiment 1.
Fig. 2 is the schematic diagram of step S2 in embodiment 1.
Fig. 3 is the schematic diagram of step S3-1 in embodiment 1.
Fig. 4 is the schematic diagram of step S3-2 in embodiment 1.
Fig. 5 is the schematic diagram of step S4 in embodiment 1.
Detailed description of embodiments
The technical solution of this patent is explained in further detail below with reference to specific embodiments.
Embodiment 1
A leak-proof data transmission and cloud storage method, comprising the following steps:
S1: Obtain an access request from the client, the access request including an entered user name and the password corresponding to that user name.
As shown in Fig. 1, take a user accessing from a mobile phone as an example: when the user accesses the www.yuguo.com server through a browser, the server sends all of the code needed to run the entire service to the client browser in one go. All subsequent computation and operations are carried out on the client. After receiving the code, the client starts running it in the browser and displays a login page asking the user to enter a user name and password. An existing user clicks Login after entering them; a new user clicks Create Account.
S2: Generate, at the client, a key corresponding to the user name.
As shown in Fig. 2, continuing the example above, after the user has successfully logged in on the mobile phone, a key is produced from the user's user name and password according to an algorithm. As long as the user logs in with the same user name and password each time, the AES key generated each time is also the same.
Further, the client also generates a unique hash value corresponding to the user name.
Suppose that after the user logs in with the user name Xiao Wang, the AES key generated by the client code is xw12345678. After the key is generated, the client runs a hash function that generates from the key a hash value uniquely mapped to the client. In this example, the generated hash value is mf5sd9 ....
S3: Obtain a data upload request from the client, convert source data into encrypted data using the key, and upload the encrypted data from the client to the server.
This step can be further divided into S3-1 and S3-2.
S3-1: As shown in Fig. 3, the user next wants to upload a Word file to the server for safekeeping. If it were uploaded directly, the file would be stored on the server in plaintext, and anyone with permission on the server could read it directly. To keep the file content from leaking at the server, the file is encrypted with the key on the client. After encryption, the Word file becomes a non-plaintext data block, i.e. the encrypted data.
S3-2: As shown in Fig. 4, in this step the client sends the user's unique hash value and the encrypted data to the server over the network. After receiving the data, the server stores the encrypted data in a database indexed by the user's unique hash value. At this point the client has completed all operations for storing the file, and the file is safely stored on the server.
Note that the file now stored on the server is data that was encrypted on the client, and the server does not have the client's key, so it cannot decrypt the data block. The customer data stored on the server is therefore safe from the client's point of view. Even if the data block is stolen at the server, it cannot be decrypted without the key.
In addition, user data on the server is looked up by the unique user hash value generated by the client, and the server cannot derive the client's key, user name or password backwards from the hash value, so the server has no knowledge of any key information about the clients it serves.
S4: Obtain a data download request from the client, download the encrypted data from the server to the client, and convert the encrypted data into source data using the key.
As shown in Fig. 5, this step is the reverse of the flow in S3. After the user logs in from the client with the same user name and password, the code running on the client generates the client's AES key and unique hash value. Because the user name and password are the same as those used when the file was uploaded, the generated AES key and unique hash value are the same as well. The client sends the download request to the server together with the unique hash value. On receiving the request, the server looks up the encrypted data indexed by the unique hash value in the database and sends it back to the client. After receiving the encrypted data from the server, the client uses the same key to decrypt it into source data, and the user can open the file on the client to read and write it.
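The S1 to S4 flow of Embodiment 1 as a runnable sketch (an added example, not code from the patent). The patent names AES but not the key-derivation or hash algorithm, so scrypt, AES-256-GCM, SHA-256 and the names `deriveKey`, `indexFromKey`, `login` and `Server` are assumptions made here.

```javascript
// Added example, not from the patent. Assumed choices: scrypt (key derivation),
// AES-256-GCM (cipher mode), SHA-256 (index hash); all names are hypothetical.
const crypto = require('node:crypto');

// S2: the same user name + password always yields the same 32-byte AES key.
// The salt is derived from the user name so no per-user state is needed.
function deriveKey(username, password) {
  const salt = crypto.createHash('sha256').update('salt:' + username).digest();
  return crypto.scryptSync(password, salt, 32);
}

// S2: unique hash value computed from the key; this is all the server sees.
function indexFromKey(key) {
  return crypto.createHash('sha256').update('index:').update(key).digest('hex');
}

// S1 + S2: what the client code computes locally after the login form.
function login(username, password) {
  const key = deriveKey(username, password);
  return { key, index: indexFromKey(key) };
}

// S3-1: encrypt on the client. Blob layout: nonce (12) | tag (16) | ciphertext.
function encryptFile(key, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh per upload
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// S4: decrypt on the client. Throws if the key is wrong or the blob was altered.
function decryptFile(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// S3-2 / S4, server side: a database indexed by the unique hash value.
// It never receives the user name, the password, or the key.
class Server {
  constructor() { this.db = new Map(); }
  upload(index, blob) { this.db.set(index, blob); }
  download(index) { return this.db.get(index); }
}

// Full flow: upload in one session, download in a later one.
function roundTrip(server, username, password, fileBytes) {
  const s1 = login(username, password);
  server.upload(s1.index, encryptFile(s1.key, fileBytes));
  const s2 = login(username, password); // keys are recomputed, never stored
  return decryptFile(s2.key, server.download(s2.index));
}

// Failure mode: a mistyped password derives a different key and index, so the
// lookup misses; even given the blob, decryption fails the GCM tag check.
function wrongPasswordOutcome(server, username, goodPw, badPw) {
  const good = login(username, goodPw);
  const bad = login(username, badPw);
  let decrypted = true;
  try { decryptFile(bad.key, server.download(good.index)); }
  catch (e) { decrypted = false; }
  return { found: server.download(bad.index) !== undefined, decrypted };
}

// Constructed sample input.
const server = new Server();
const doc = Buffer.from('constructed sample: contents of report.docx');
console.log(roundTrip(server, 'xiaowang', 'constructed-password', doc).toString());
console.log(wrongPasswordOutcome(server, 'xiaowang', 'constructed-password', 'typo'));
```

Because the key and the index are both computed from nothing but the user name and password, the protection is only as strong as the password; a deliberately slow derivation function such as scrypt raises the cost of testing password guesses against a stored index.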
Embodiment 2
A leak-proof data transmission and cloud storage device, comprising:
An obtaining module, for obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name;
A first generation module, for generating, at the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
As a still further solution of the invention, the device further includes a second generation module, for generating, at the client, a unique hash value corresponding to the user name.
Embodiment 3
A leak-proof data transmission and cloud storage system, including a processor and a memory, the memory storing at least one instruction, the at least one instruction being loaded and executed by the processor to perform the data transmission method described in Embodiment 1.
It will be obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being defined by the appended claims rather than by the above description, and all changes falling within the meaning and range of equivalency of the claims are intended to be embraced within the invention. Any reference signs in the claims should not be construed as limiting the claims concerned.
In addition, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. The specification is written this way merely for clarity; those skilled in the art should consider the specification as a whole, and the technical solutions in the various embodiments may also be suitably combined to form other embodiments that those skilled in the art can understand.
Claims (6)
1. A leak-proof data transmission and cloud storage method, characterized by comprising the following steps:
Obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name;
Generating, at the client, a key corresponding to the user name;
Obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
Obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data into source data using the key.
2. The leak-proof data transmission and cloud storage method according to claim 1, characterized by further comprising:
Generating, at the client, a unique hash value corresponding to the user name.
3. The leak-proof data transmission and cloud storage method according to claim 2, characterized in that the encrypted data is stored in a database indexed by the client's unique hash value.
4. A leak-proof data transmission and cloud storage device, characterized by comprising:
An obtaining module, for obtaining an access request from a client, the access request including an entered user name and the password corresponding to that user name;
A first generation module, for generating, at the client, a key corresponding to the user name;
An upload module, for obtaining a data upload request from the client, converting source data into encrypted data using the key, and uploading the encrypted data from the client to the server;
A download module, for obtaining a data download request from the client, downloading the encrypted data from the server to the client, and converting the encrypted data into the source data using the key.
5. The leak-proof data transmission and cloud storage device according to claim 4, characterized by further comprising:
A second generation module, for generating, at the client, a unique hash value corresponding to the user name.
6. A leak-proof data transmission and cloud storage system, including a processor and a memory, characterized in that the memory stores at least one instruction, the at least one instruction being loaded and executed by the processor to perform the data transmission method of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811494188.4A CN109598145A (en) | 2018-12-07 | 2018-12-07 | Leak-proof data transmission and cloud storage method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811494188.4A CN109598145A (en) | 2018-12-07 | 2018-12-07 | Leak-proof data transmission and cloud storage method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109598145A (en) | 2019-04-09 |
Family
ID=65961460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811494188.4A Pending CN109598145A (en) | Leak-proof data transmission and cloud storage method and system | 2018-12-07 | 2018-12-07 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109598145A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190409 |